[ovs-git] Open vSwitch: ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated (master)

dev at openvswitch.org dev at openvswitch.org
Mon Mar 18 16:40:58 UTC 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".

The branch, master has been updated
       via  321fa4292766c96b953f0de930c0241251d7e695 (commit)
      from  fba6bd1d3f5891471daea8bf5da22303c2d889df (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 321fa4292766c96b953f0de930c0241251d7e695
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=321fa4292766c96b953f0de930c0241251d7e695
Author: Ansis Atteka <aatteka at nicira.com>
		
ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated
		
After tunnel packet is unencapsulated we should unset IPsec flag from
skb_mark.

Otherwise, IPsec policies would be applied one more time on internal
interfaces, if there is one. This is especially necessary after we
will introduce global, low-priority IPsec drop policy that will make
sure that we never let through marked but unencrypted packets.

Signed-off-by: Ansis Atteka <aatteka at nicira.com>
Issue: 15074


-----------------------------------------------------------------------

Summary of changes:
 ofproto/ofproto-dpif.c |    1 +
 ofproto/tunnel.c       |    3 ---
 ofproto/tunnel.h       |    3 +++
 3 files changed, 4 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
Open vSwitch



More information about the git mailing list